12-14-2015 05:22 AM - edited 03-12-2019 06:09 PM
Hi all,
We are seeing the following syslog messages when we are trying to authenticate via the ASA:
Non-HTTP connection from outside:10.100.100.1/51253 to inside:192.168.76.13/8905 denied by redirect filter; only HTTP connections are supported for redirection.
Built inbound TCP connection 5181 for outside:10.100.100.1/51253 (10.100.100.1/51253)(LOCAL\testuser) to inside:192.168.76.13/8443 (192.168.76.13/8905) (testuser)
Teardown TCP connection 5181 for outside:10.100.100.1/51253(LOCAL\testuser) to inside:192.168.76.13/8443 duration 0:00:00 bytes 0 Flow closed by inspection (testuser)
Is there any workaround for the above-mentioned issue?
Thanks in advance,
Dave.
12-14-2015 09:44 AM
Hello;
Explanation: For the CoA feature, the redirect ACL filter drops the matching non-HTTP traffic during the redirect processing.
Recommended Action: Validate the redirect ACL configuration on the ASA. Make sure that the correct filter is used to match the traffic to redirect and does not block the flow that is intended to be allowed through.
http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs1.html#pgfId-8070351
Seems like there is a misconfiguration in CoA.
Mike.
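To validate the redirect ACL as recommended above, it helps to see which destinations the redirect filter is actually dropping. The following is an added example, not part of the original thread or of any Cisco tooling; the function name is hypothetical and the sample lines are constructed except where the comment says they come from the question.

```python
import re
from collections import defaultdict

# Constructed sample input. The first and last lines are quoted from the
# question above; the two in between are made-up variants.
SAMPLE_LOG = [
    r"Non-HTTP connection from outside:10.100.100.1/51253 to inside:192.168.76.13/8905 denied by redirect filter; only HTTP connections are supported for redirection.",
    r"Non-HTTP connection from outside:10.100.100.1/51300 to inside:192.168.76.13/8905 denied by redirect filter; only HTTP connections are supported for redirection.",
    r"Non-HTTP connection from outside:10.100.100.2/40000 to inside:192.168.76.20/53 denied by redirect filter; only HTTP connections are supported for redirection.",
    r"Built inbound TCP connection 5181 for outside:10.100.100.1/51253 (10.100.100.1/51253)(LOCAL\testuser) to inside:192.168.76.13/8443 (192.168.76.13/8905) (testuser)",
]

# Matches only the redirect-filter denial. Interface names and addresses are
# captured loosely so that IPv6 addresses also parse.
DENY_RE = re.compile(
    r"Non-HTTP connection from (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"denied by redirect filter"
)


def redirect_filter_denials(lines):
    """Group redirect-filter denials by destination (interface, ip, port).

    Each destination returned is non-HTTP traffic that matched the redirect
    ACL. If that flow is meant to pass, the ACL is matching too much.
    """
    flows = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # other syslog messages (Built, Teardown, ...) are ignored
        key = (m["dst_if"], m["dst_ip"], int(m["dst_port"]))
        flows[key]["count"] += 1
        flows[key]["clients"].add(m["src_ip"])
    return dict(flows)


if __name__ == "__main__":
    ranked = sorted(redirect_filter_denials(SAMPLE_LOG).items(),
                    key=lambda kv: -kv[1]["count"])
    for (dst_if, ip, port), info in ranked:
        clients = ", ".join(sorted(info["clients"]))
        print(f"{info['count']:>4}  {dst_if}:{ip}/{port}  clients: {clients}")
```

Destinations that show up here and are supposed to be reachable during redirection are the entries to review in the redirect ACL.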